With the development of smart terminals and network applications, a user may access various network applications via various client applications installed on a terminal. During the access, the user generally needs to perform identity authentication, membership registration, network transaction, or the like. In the meanwhile, an application server may verify the user identity. The traditional mode for verification is an application server check. That is, a user sends a pre-set check password to an application server via a terminal, and when the application server verifies that the check password is consistent with a password at the time of user registration, the check is passed. The check password in the above check mode, however, may be easily stolen by a malicious third party through a Trojan program. Therefore, generally, during check, a terminal local check may be an alternative of the application server check. For example, based on check prompting information sent by the application server or the terminal itself, the terminal locally performs user-biometric-based fingerprint check, dynamic-identifying-based gesture check, or the like, so as to complete user identity check and send a check result to the server.
Problems can occur when a malicious third party simulates the terminal to interact with the server for sending a forged terminal local check to the server. For example, when the terminal local check is used to replace the application server check, the server cannot determine the trustworthiness of the terminal local check mode, which serves as a substitute check mode. Under such scenarios, the lack of trustworthiness makes the reliability of the existing security check mode poor and the access security of network applications low.